Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	201e8aabdb7097dd_oneetx.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\550693dc87\oneetx.exe
Size	236.8KB
Processes	2988 (ge009734.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`78a7981f611dc0a6a748d56dcb479e4f`
SHA1	`24b1013fca7ee1133319bc6c86903f365599d44b`
SHA256	`201e8aabdb7097dd90ae166b449adcd99eff2c9c0ab2d51d3e36de5cb06026da`
CRC32	`812B3188`
ssdeep	`3072:gMSlS07k+nF5fH1jFyhRGc6zMBdSkbcaKhSdctuVi1VWQ23mQb1EcaWVJ5L:gJl7Y+F5fHLyhRFMMBd/ySMuVidfc39`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	340c8464c2007ce3_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size	162.0B
Processes	2112 (oneetx.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`1b7c22a214949975556626d7217e9a39`
SHA1	`d01c97e2944166ed23e47e4a62ff471ab8fa031f`
SHA256	`340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87`
CRC32	`CC58D737`
ssdeep	`3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu`
Yara	None matched
VirusTotal	Search for analysis

Name	5e2450a01e8c4055_foto0189.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000013051\foto0189.exe
Size	666.0KB
Processes	2112 (oneetx.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c2e1f6396e9484c77fcea76f49301f8c`
SHA1	`6f67ebd28d425ff49db64bae0c24a075a3ac5b7d`
SHA256	`5e2450a01e8c4055c28f114b652b429373c75de795596431afe3d17068420bc4`
CRC32	`97D204FC`
ssdeep	`12288:aMrIy90iwJRiriBe6WxhJKHZ4IE1dTCnmHb8WJrUs51/weuIZwD:uywROGIfJMZ4Iu5WCPr7pwTIi`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	7705d3dc3b110aff_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size	89.0KB
Processes	2112 (oneetx.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`9e9f6b48159690d4916e38b26d8f92cb`
SHA1	`2016224921b0791d3de7d897a520d5d35eb84f34`
SHA256	`7705d3dc3b110aff6fd74fec7d343af5e49a0b7f696c231cc199ffaa6bf07053`
CRC32	`FDFBEF4D`
ssdeep	`1536:Co4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUSpaB89p:CoUCWbBNpplToUs1uNhj25LJUmaB89p`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	fc8c2f09cf780c1b_fotocr12.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000014051\fotocr12.exe
Size	537.0KB
Processes	2112 (oneetx.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fb4897077c6881a78a0c6a0c5b24cb60`
SHA1	`22f0816f4a4529b035b2030a358d4455705d1a2e`
SHA256	`fc8c2f09cf780c1bf2e3945e906f78201ab3d18c80cb4391e02359e437022f6b`
CRC32	`30CF1F9F`
ssdeep	`12288:BMrMy90rprvNCXvNsepFUkDHSwCu53/C6/BA:xyqzsXvuepFlywCu53/5pA`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis